소스 검색
Added kibana (#2286)
Added kibana to make elastic management easier. PR #1710 did this. PR #1714 revert this. This PR did again and fix some bugs. - [x] Bug Fix (non-breaking change which fixes an issue) - [x] New Feature (non-breaking change which adds functionality)tags/v0.11.0
Zhichang Yu
1 년 전
+ 1
- 1
README.md
파일 보기
| @@ -192,7 +192,7 @@ Try our demo at [https://demo.ragflow.io](https://demo.ragflow.io). | |||
| * Running on http://x.x.x.x:9380 | |||
| INFO:werkzeug:Press CTRL+C to quit | |||
| ``` | |||
| > If you skip this confirmation step and directly log in to RAGFlow, your browser may prompt a `network anomaly` error because, at that moment, your RAGFlow may not be fully initialized. | |||
| > If you skip this confirmation step and directly log in to RAGFlow, your browser may prompt a `network abnormal` error because, at that moment, your RAGFlow may not be fully initialized. | |||
| 5. In your web browser, enter the IP address of your server and log in to RAGFlow. | |||
| > With the default settings, you only need to enter `http://IP_OF_YOUR_MACHINE` (**sans** port number) as the default HTTP serving port `80` can be omitted when using the default configurations. | |||
+ 1
- 1
README_ko.md
파일 보기
| @@ -178,7 +178,7 @@ | |||
| * Running on http://x.x.x.x:9380 | |||
| INFO:werkzeug:Press CTRL+C to quit | |||
| ``` | |||
| > 만약 확인 단계를 건너뛰고 바로 RAGFlow에 로그인하면, RAGFlow가 완전히 초기화되지 않았기 때문에 브라우저에서 `network anomaly` 오류가 발생할 수 있습니다. | |||
| > 만약 확인 단계를 건너뛰고 바로 RAGFlow에 로그인하면, RAGFlow가 완전히 초기화되지 않았기 때문에 브라우저에서 `network abnormal` 오류가 발생할 수 있습니다. | |||
| 5. 웹 브라우저에 서버의 IP 주소를 입력하고 RAGFlow에 로그인하세요. | |||
| > 기본 설정을 사용할 경우, `http://IP_OF_YOUR_MACHINE`만 입력하면 됩니다 (포트 번호는 제외). 기본 HTTP 서비스 포트 `80`은 기본 구성으로 사용할 때 생략할 수 있습니다. | |||
+ 1
- 1
README_zh.md
파일 보기
| @@ -167,7 +167,7 @@ | |||
| * Running on http://x.x.x.x:9380 | |||
| INFO:werkzeug:Press CTRL+C to quit | |||
| ``` | |||
| > 如果您跳过这一步系统确认步骤就登录 RAGFlow,你的浏览器有可能会提示 `network anomaly` 或 `网络异常`,因为 RAGFlow 可能并未完全启动成功。 | |||
| > 如果您跳过这一步系统确认步骤就登录 RAGFlow,你的浏览器有可能会提示 `network abnormal` 或 `网络异常`,因为 RAGFlow 可能并未完全启动成功。 | |||
| 5. 在你的浏览器中输入你的服务器对应的 IP 地址并登录 RAGFlow。 | |||
| > 上面这个例子中,您只需输入 http://IP_OF_YOUR_MACHINE 即可:未改动过配置则无需输入端口(默认的 HTTP 服务端口 80)。 | |||
+ 1
- 1
SECURITY.md
파일 보기
| @@ -18,7 +18,7 @@ main | |||
| ### Actual behavior | |||
| The restricted_loads function at [api/utils/__init__.py#L215](https://github.com/infiniflow/ragflow/blob/main/api/utils/__init__.py#L215) is still vulnerable leading via code execution. | |||
| The main reson is that numpy module has a numpy.f2py.diagnose.run_command function directly execute commands, but the restricted_loads function allows users import functions in module numpy. | |||
| The main reason is that numpy module has a numpy.f2py.diagnose.run_command function directly execute commands, but the restricted_loads function allows users import functions in module numpy. | |||
| ### Steps to reproduce | |||
+ 5
- 1
docker/docker-compose-admin-tool.yml
파일 보기
| @@ -1,3 +1,7 @@ | |||
| include: | |||
| - path: ./docker-compose.yml | |||
| env_file: ./.env | |||
| services: | |||
| kibana: | |||
| image: kibana:${STACK_VERSION} | |||
| @@ -12,7 +16,7 @@ services: | |||
| es01: | |||
| condition: service_healthy | |||
| kibana-user-init: | |||
| condition: service_completed_successfully | |||
| condition: service_completed_successfully | |||
| networks: | |||
| - ragflow | |||
+ 3
- 0
docker/entrypoint.sh
파일 보기
| @@ -1,5 +1,8 @@ | |||
| #!/bin/bash | |||
| # unset http proxy which maybe set by docker daemon | |||
| export http_proxy=""; export https_proxy=""; export no_proxy=""; export HTTP_PROXY=""; export HTTPS_PROXY=""; export NO_PROXY="" | |||
| /usr/sbin/nginx | |||
| export LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/ | |||
+ 56
- 19
docker/init-kibana.sh
파일 보기
| @@ -1,30 +1,67 @@ | |||
| #!/bin/bash | |||
| # 等待 Elasticsearch 啟動 | |||
| until curl -u "elastic:${ELASTIC_PASSWORD}" -s http://es01:9200 >/dev/null; do | |||
| echo "等待 Elasticsearch 啟動..." | |||
| sleep 5 | |||
| done | |||
| # unset http proxy which maybe set by docker daemon | |||
| export http_proxy=""; export https_proxy=""; export no_proxy=""; export HTTP_PROXY=""; export HTTPS_PROXY=""; export NO_PROXY="" | |||
| echo "Elasticsearch built-in user: elastic:${ELASTIC_PASSWORD}" | |||
| echo "使用者: elastic:${ELASTIC_PASSWORD}" | |||
| # Wait Elasticsearch be healthy | |||
| while true; do | |||
| response=$(curl -s -v -w "\n%{http_code}" -u "elastic:${ELASTIC_PASSWORD}" "http://es01:9200") | |||
| exit_code=$? | |||
| status=$(echo "$response" | tail -n1) | |||
| if [ $exit_code -eq 0 ] && [ "$status" = "200" ]; then | |||
| echo "Elasticsearch is healthy" | |||
| break | |||
| else | |||
| echo "Elasticsearch is unhealthy: $exit_code $status" | |||
| echo "$response" | |||
| sleep 5 | |||
| fi | |||
| done | |||
| # Create new role with all privileges to all indices | |||
| # https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html#privileges-list-indices | |||
| echo "Going to create Elasticsearch role own_indices with all privileges to all indices" | |||
| while true; do | |||
| response=$(curl -s -v -w "\n%{http_code}" -u "elastic:${ELASTIC_PASSWORD}" -X POST http://es01:9200/_security/role/own_indices -H 'Content-Type: application/json' -d '{"indices": [{"names": ["*"], "privileges": ["all"]}]}') | |||
| exit_code=$? | |||
| status=$(echo "$response" | tail -n1) | |||
| if [ $exit_code -eq 0 ] && [ "$status" = "200" ]; then | |||
| echo "Elasticsearch role own_indices created" | |||
| break | |||
| else | |||
| echo "Elasticsearch role own_indices failure: $exit_code $status" | |||
| echo "$response" | |||
| sleep 5 | |||
| fi | |||
| done | |||
| echo "Elasticsearch role own_indices:" | |||
| curl -u "elastic:${ELASTIC_PASSWORD}" -X GET "http://es01:9200/_security/role/own_indices" | |||
| echo "" | |||
| PAYLOAD="{ | |||
| \"password\" : \"${KIBANA_PASSWORD}\", | |||
| \"roles\" : [ \"kibana_admin\",\"kibana_system\" ], | |||
| \"full_name\" : \"${KIBANA_USER}\", | |||
| \"email\" : \"${KIBANA_USER}@example.com\" | |||
| }" | |||
| echo "新用戶帳戶: $PAYLOAD" | |||
| PAYLOAD="{\"password\": \"${KIBANA_PASSWORD}\", \"roles\": [\"kibana_admin\", \"kibana_system\", \"own_indices\"], \"full_name\": \"${KIBANA_USER}\", \"email\": \"${KIBANA_USER}@example.com\"}" | |||
| # 創建新用戶帳戶 | |||
| curl -X POST "http://es01:9200/_security/user/${KIBANA_USER}" \ | |||
| -u "elastic:${ELASTIC_PASSWORD}" \ | |||
| -H "Content-Type: application/json" \ | |||
| -d "$PAYLOAD"s | |||
| echo "Going to create Elasticsearch user ${KIBANA_USER}: ${PAYLOAD}" | |||
| # Create new user | |||
| while true; do | |||
| response=$(curl -s -v -w "\n%{http_code}" -u "elastic:${ELASTIC_PASSWORD}" -X POST http://es01:9200/_security/user/${KIBANA_USER} -H "Content-Type: application/json" -d "${PAYLOAD}") | |||
| exit_code=$? | |||
| status=$(echo "$response" | tail -n1) | |||
| if [ $exit_code -eq 0 ] && [ "$status" = "200" ]; then | |||
| echo "Elasticsearch user ${KIBANA_USER} created" | |||
| break | |||
| else | |||
| echo "Elasticsearch user ${KIBANA_USER} failure: $exit_code $status" | |||
| echo "$response" | |||
| sleep 5 | |||
| fi | |||
| done | |||
| echo "新用戶帳戶已創建" | |||
| echo "Elasticsearch user ${KIBANA_USER}:" | |||
| curl -u "elastic:${ELASTIC_PASSWORD}" -X GET "http://es01:9200/_security/user/${KIBANA_USER}" | |||
| echo "" | |||
| exit 0 | |||
Loading…